Why India must gear up for cyber-terrorism

July 14, 2009 17:39 IST

Cyber terrorism is the next big form of terrorism that India is likely to face, says the Intelligence Bureau. Already, the agency has issued numerous warnings on cyber attacks. The first signs of tech-savvy terrorists came to light during the serial blasts that rocked the country a year ago. The question, however, is how geared up are we to face the threat?

Senior police officials told rediff.com that though there is a lot of work going on in this direction, there is always scope for improvement. But while officers speak of improvement and conducting multiple seminars to counter this future threat, a reality check with some cyber crime wings portrays a poor picture.

When cyber crime cells were set up in the country most cases pertained to sleaze mails. Now the complaints have become more sophisticated and cyber crime officials say that there are, at an average, four complaints of phishing mails that reach them everyday.

The detection rate is not something that one can be proud with only one out of four cases solved. Also miserable is the conviction rate.

Former Karnataka Director General of Police R Srikumar says the cyber ceels need to keep updating and deploy new tactics.

When one talks of cyber crime, the problem is whatever we may do is just not enough. We are good as long as we prevent an attack and we could also say that we are not good enough if we don't prevent one, he said.

The kinds of attacks we can expect:

The immediate threat to India is from our immediate neighbours, Pakistan and China.

According to the IB, China may try and destabilise our economy by launching attacks on our banking sectors. Pakistan, on the other hand, may attack essential commodity-related services instead.

Reports indicate that for a terrorist organisation, the easiest way to launch an attack on India would be through the cyber route. It is high investment, but it saves them the trouble of manpower on the field and the impact such an attack could cause is immense.

IB reports also suggest that terrorist organisations could start an Internet war by hacking into websites and sending out viruses to destabilise the enemy nation. The forms of cyber assaults would include cyber vandalism, destruction of essential commodity-related sites (ESCOMs) and phishing.

The cyber war on India is likely to be fought in three stages. First the enemy would bring down the control systems of defence installations, Parliament, railways and airports. Secondly, they would look to attack financial services such as banks and stock markets. Finally, ESCOMs and other utilities services will be taken over.

Cyber crime experts say this is a dangerous scenario. It will surely create a lot of panic and if they succeed, it could cause a lot of destruction since it would take days before the services actually recover.

Experts also say that although Pakistan-based terrorists will prove lethal, the worst attack could come from China through the use of the Distributed Denial of Services attacks. In a DDOS attack, the bandwidth of a targeted system is flooded. They keep attacking other systems by multiplying and creating a botnet.

India has had its share of such attacks, but they have not been on a large scale as yet. The sector that has been targetted the most through such an attack is the telecom sector, but they have managed to survive it thanks to a strong infrastructure. However, companies have to constantly upgrade to be one up on the enemy.

What India needs to do?

A combined effort is needed to counter the cyber threat, say experts. Also, cyber crime police stations need to be revamped soon. The process is already in motion, says an official in the Bengaluru cyber crime cell.

According to the official, they had hired around 12 engineers from a reputed IT firm to assist them. However, since they cannot do this all the time, it was decided to recruit professionals.

The latest batch of recruitments in a cyber cell will be computer and law graduates. "We would prefer having this combination since we need someone who has expertise in both computer applications as well as law since both are interlinked," he said.

A new batch of these graduates has arrived and they are been sent to several training programmes the official said, adding that these persons will be appointed on a sub-inspector level.

The Ministry of Finance too has upgraded its infrastructure to prevent cyber strikes. They have introduced a two token system, which mandates that a person carry with him a normal password and also a token that generates pin codes in real time. While logging-in the person will have to apply both.

Sources also point out that in key areas such as defence sectors, the use of a personal laptop has been banned. Only few laptops have been connected to both intranet and Internet.

There is a legal side to the problem too. Experts point out that if India needs to cater to this problem it cannot do so on its own. It will need the help of other countries. However, India is not a signatory to the 45-nation international convention on cyber crimes. Moreover, India still awaits a legal framework on cyber attacks.